Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2024-4598
CVE-2024-4598:
WSO2 API Manager vulnerability analysis and mitigation
Overview
CVE-2024-4598 is an information disclosure vulnerability affecting multiple WSO2 products due to improper implementation of the enrich mediator. The vulnerability was disclosed on September 23, 2025, and was reported by WSO2 LLC (WSO2 Advisory).
Technical details
The vulnerability stems from improper implementation of the enrich mediator where internal state is not properly isolated or cleared between executions. This allows authenticated users to view unintended business data from other mediation contexts. The vulnerability has been assigned a CVSS v3.1 base score of 6.5 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. The weakness has been categorized as CWE-1259 (Improper Restriction of Security Token Assignment) (NVD).
Impact
While the vulnerability does not impact user credentials or access tokens, it can lead to the leakage of sensitive business information handled during message flows. The vulnerability allows authenticated users to access business data from other mediation contexts that they should not have access to (WSO2 Advisory).
Additional resources
Source: This report was generated using AI
Related WSO2 API Manager vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management